Debian 9 LTS: DLA-2323-1 Critical Linux 4.19 Security Issues
debian lts
August 12, 2020
Linux 4.19 has been packaged for Debian 9 as linux-4.19
Summary
This backport does not include the following binary packages:
hyperv-daemons libbpf-dev libbpf4.19 libcpupower-dev libcpupower1
liblockdep-dev liblockdep4.19 linux-compiler-gcc-6-arm
linux-compiler-gcc-6-x86 linux-cpupower linux-libc-dev lockdep
usbip
Older versions of most of those are built from the linux source
package in Debian 9.
The kernel images and modules will not be signed for use on systems
with Secure Boot enabled, as there is no support for this in Debian 9.
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or information leak.
CVE-2019-18814
Navid Emamdoost reported a potential use-after-free in the
AppArmor security module, in the case that audit rule
initialisation fails. The security impact of this is unclear.
CVE-2019-18885
The 'bobfuzzer' team discovered that crafted Btrfs volumes could
trigger a crash (oops). An attacker able to mount such a volume
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
-------------------------------------------------------------------------Package: linux-4.19
Version: 4.19.132-1~deb9u1
CVE ID: CVE-2019-18814 CVE-2019-18885 CVE-2019-20810 CVE-2020-10766
Debian Bug: 958300 960493 962254 963493 964153 964480 965365
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!